calls for upgrading of Botswana’s cyber security laws
Cyber Intelligence Agency (CIA) (Pty) LTD was established beginning of 2016 and Charles Chavapi, a cyber security expert is at the wheel as the company’s Chief Executive Officer. According to Chavapi the driving factor behind the establishment was the need to combat Information Security and Cyber threats in the country.
“Cyber Security itself is a complex issue and it becomes more complex as the number of attacks as well as their sophistication grow and good Cyber Security Experts are hard to come by. Also, small and medium companies cannot afford to keep Cyber Security Teams in house; as a result, CIA Botswana realized there would be need in the future for enterprises to outsource some of their security functions,” he explained. While CIA is currently more occupied with providing consultative security work in country, Chavapi ascertained that it is fully committed to become the first Botswana Managed Security Service Provider (MSSP).
Chavapi said reception by the community is still a work in progress and business has been like a pendulum sometimes going up and then down; very much expected as Cybersecurity is still at infancy stage in Botswana. Their products range from advancing Security Solutions i.e SIEM solutions, Developing Organization Security Policies, assist organizations performing Information Security Risk Assessments, Vulnerability Assessment, implementation of Cybersecurity Frameworks in likes of NIST,ISO27001:2013, as well conducting IT- Security auditing in the form of Penetration Testing, thus simulating attacks to evaluate security resilience to the subjected systems. “Together with our global technical partners we have performed similar work as mentioned above in small and large companies locally and across the globe,” Chavapi added.
Chavapi believes that to some extent the nation’s Cyber-crime and Computer related Act of 2018 has gaps as far directly dealing with such crimes specifically. “For example, social engineering attacks, with volumes of social media information out there on everyone’s personal likes and dislikes, hackers can figure ways to reach out to you e.g with malware via phishing. Therefore, it may be difficult to prosecute in the event of such a breach; we basically rely on one’s vigilance and companies’ aggression on user education, “he described. Chavapi is of the belief that there is a need to look beyond system access and look exactly at the type of social invention (act on hand) e.g. phishing, then go out to device related penalties to be aligned to the damage that might have been caused. “If it were to be successful, thus then we could say our Act does mitigate all Cyber related crimes or concerns,” he added.
Chavapi further believes that the Cyber Crime and Computer Related Crime Act of 2018, the Communications Regulatory Authority Act of 2012, the Electronic Communication and Transaction Act of 2018, Electronic Records (evidence) Act of 2014, the National ICT Policy of 2004 and the Data Protection Act of 2018) are to some extent applicable to modern day Botswana with the only missing link its implementation. “Many would be surprised that the Cyber Crime and Computer Related Crime Act of 2018 was first enacted back in December 2007 and I recall, with the help of the Minister of Defence then, working in the Banking Sector how we tried to enroll it within the Banking Industry. I was a custodian of that activity then, however when I left the Banking sector the exercise stopped, Chavapi reminisced.
He is confident the new Act of 2018 is in essence an enhanced version of the former and that what really needs to be done is for the authorities to ensure that every organization gets audited against these acts periodically, e.g User awareness must be mandatory for every organization; Affiliation to Recognized professional Institutions and bodies like ISACA should be mandatory, as this would help develop the culture of cyber security within organizations. “Annually organizations including government entities should be audited against these related acts this is the only way we could drive compliance; respectively it would improve the culture of Cyber response,” he added.
According to Chavapi affiliation to professional bodies like ISACA (an international professional association focused on IT governance) as well as working closely with independent subject Matter Experts, as well as with organizations like CIA to ensure motivation of relevant policies and laws that could best help combat crime. Moreover, he trusts that respectively law enforcements officers e.g., police in IT related roles could be encouraged to take on relevant courses with the likes of ISACA to help them upskill themselves on relevant cause of actions.
The Cyber Security expert recognizes key efforts in sensitizing Batswana on cyber security first and foremost to be user awareness sessions thus developing human firewall. “It might be ideal to start teaching Cyber security from tertiary school and even at secondary school level. For organization CIA is much more willing to advance KnowBe4 the world’s first and largest new-school of security awareness training platform i.e. it has capabilities to even simulate phishing activities as a result this could help organizations manage ongoing problems such as social engineering in workplaces,” he mentioned.
CIA is in the venture to conduct Cyber Security Workshops and conferences, that geared to sensitizing system users on the importance of security. “The sky it’s the limit, we are keen to develop talent and capability, respectively create job opportunity for the upcoming Security Experts. We can only attain our goals through continuously building and strengthening our partnership with the world leading experts in Security such as RSA Security and RAPID 7 just to mention a few,” he added.